Block Torrent applications from AD pgroup policy

is it possible to block all kind of torrent applications from AD group policy for all users. so they cannot open the application itself from their system if they have installed it already.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Giovanni HewardCommented:
You can blacklist via GPO, see;en-us;323525

You can also look into restricting DNS to a provider (such as OpenDNS) that allows category based blocking.
Emmanuel AdebayoGlobal Windows Infrastructure Engineer - ConsultantCommented:
ibrahim52Team LeaderCommented:
I would suggest you to go for a cheap firewall which supports HTTPS blocking to resolve your problem. I have tried a lot of GP but never worked because there are plenty of applications supports .torrent extension in fact there are browser based torrent servers which doesn't require installation at all and workings as a local host server.

Think about a situation where you have to give full privilege to a domain user taking it into ADMINISTRATOR group. What would you do that time to prevent this issue ?

Simply host a PC based firewall or ask your organization to spend some bucks and get a proper firewall to administrate and which can also keep your internet SECURE.
Mohammed KhawajaManager - Infrastructure:  Information TechnologyCommented:
GP will work if you are using Windows firewall on client PCs where you could block based on the application (file path) as well based on ports.  A firewall such as Sonicwall or Cisco could also help by blocking torrent ports.
Giovanni HewardCommented:
Using a firewall to block torrent communications is a challenge, as the torrent protocol was designed to circumvent them.  There is plenty of discussion elsewhere outlining the  difficulties of such an approach.  Don't get me wrong, there is absolutely nothing wrong with defense in depth, you simply cannot rely on a traditional firewall approach alone.   If you really want to effectively approach this you'll need deep packet inspection extrusion prevention combined with a TLS/SSL man-in-the-middle proxy.

That being said, (depending on your environment) it may be easier to block all applications and white list those approved by management.   This of course could be circumvented as well in numerous ways.  (Think cloud based apps, unauthorized VM's/equipment not on the domain, multiple OS's (one or more not on the domain) installed, smart devices, tunneling/remoting into an offsite pc, etc.

So again, defense in depth in key.  Make sure you have a proper acceptable use policy that transfers legal risk to the end user should they violate it, restrict DNS resolution (OpenDNS), use a TLS/SSL application proxy with packet inspection and extrusion prevention (which can proactively terminate connections), block torrent trackers by IP, blacklist known torrent applications, throttle connections to minimize impact on your network, etc.

At the end of the day the ideal approach is to present all these solutions to your management and have them decide which ones to implement after you've explained the pro's and con's of each.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.